Hey. If your account has already been compromised, send us a ticket, talk to one of us to get it back, and then come right back here and follow these steps.
tl;dr, do these things to be secure:
- Use a password manager
- Choose a secure password
- Protect your email account
- Log off in shared spaces
- Don't share your League account
- Don't get baited by phishing attempts
Your League account is valuable. It represents hours of investment, possible monetary investment, and for better or worse, some hefty emotional investment. With value comes risk: people want that stuff.
So, how do you do that? It just takes a little effort. To get you started, we've put together a few steps and precautions to take. Go down the list and check them off. Once you're done, you'll be more secure. Or, your account will be.
There's an entire science dedicated to information security. But us? We only need to know three things:
- A password's strength is roughly equal to its length and randomness
- Dictionary words are bad, randomness is good
- You should be using a password manager
Password managers take care of creating secure passwords for most of your accounts. There are several different reputable password managers that work in different ways. Here are a few: LastPass, KeePass, and 1Password. Look into them, download one, and then choose a secure password for it. It's a bit of work up front, but absolutely worth it in the long run.
If you are choosing a password, this is the best guideline we can offer: Choose a few unrelated, uncommon words that aren't in the dictionary. String them together. That's your password. Check out this comic if you need help remembering (please do not use the password in the comic).
Your email address is your lifeline to everything. So many sites, games, and apps will reset your password without question as long as you have access to the associated email. Most email providers have their own multi-factor authentication, so take the proper precautions with them. Here's Google's security settings, since you probably have a gmail account.
If you play at a friend's house or at a PC cafe, log off. Restart the computer before you end your session. If you get up for just a second to microwave a pop tart, log off. Seriously. We get so many tickets about this.
There aren't a ton of good reasons to share your account. If you do it, we're a lot less likely to be able to successfully recover your account in the event of a compromise. Make sure you're the only one with access to your League account and your verified email. If you've shared in the past, it's fine, whatever, just make sure you've since changed your password.
If anyone, ever, asks for your account information, do not give it to them. Riot can already access your account. If we ever need to do anything to your account, we can do it already without asking for your password. These addresses are trusted Riot addresses. If you're contacted from any other domains, it's very likely that it's not from us. Be careful!